Why Linux is better than Windows or macOS for security

All of this said I'm am wondering what perception of Windows most folks are going by. Vista and forward were way more secure than XP and back. Especially Windows 9x where there were basically no limitations to the access of anything. Linux certainly beats the older versions of Windows and always did. Do perceptions change as improvements are made?

 

Linux is certainly more secure than Windows if we consider two OSes by default.
Installing software from repositories also provides greater inherent security.
This doesn't mean that an aware and competent user can't achieve the same security when installing Windows software.
Linux moreover for its fragmentation in various distros and a smaller diffusion can be a less attractive target than Windows.

When my Windows XP pc was still alive I used to perform the same operations that today I do with Windows 10/11/Xubuntu.

Even if many W. members can't understand what I'm going to write now, I considered my Windows XP PC as equally secure as the modern Operating Systems I use now.

 

I'm not trying to pick on you, I just can't agree with most of it overall.
As for the repository thing, not at all. Anyone can make any repository they want. We created our own private one to update in-house Raspberry Pi devices. There is nothing about it that makes it more secure than the Windows software we make.
Linux fragmentation means little for targeting, you basically have 2 underlying versions to deal with. Most all of them are based on Debian or Red Hat. That alone is not a deal breaker. The smaller overall user base is more so.
The fact that you used the word "considered" for XP concludes that this is opinion and not fact. That you were able to secure it to your own satisfaction is great, but overall there was almost nobody that ran XP as anything other than administrator. Current Windows is way more advanced.
In conclusion I say what I always do, run what you want to and set it up to your own satisfaction. You can't go wrong if you're happy with your setup. That said, things work how they work.

 

You're right, it's an opinion, supported by the fact that I never got infected with all the operating systems I used.
Even the ones before Windows XP that I used for 17 years.

 

Thinking back on it I have never been infected by anything dangerous in my experience with everything from Windows 3.1 forward. If you're careful and skilled (and a little bit lucky) you can avoid it in most cases. Computer security is probably about 90% the end user.

 

P.S. Although I feel that I have not been lucky...............

 

You repository is not used by default on any system outside your company and its clients I guess.

There were many instances when attacker published ad above search engine results (i.e. Google). User downloaded software from that website instead of legitimate one.
As long as user sticks to distribution repositories he/she is protected against that kind of dangerous mistake.

Repositories are also a good way to distribute updates. Instead of having gazzilion update-services and background processes there is one central thing that checks for new version.

 

Our repository is only for our clients, but I still have to feel there is nothing that makes them more secure in general. It took much research to figure out to to get a private one going, but after all of that there was nothing that made me feel it is any more secure or reliable than a 3rd party Windows application that has its own updater. It is also quite annoying when a repository gets broken. A novice user would not even want to deal with that mess.

 

I had many instances when program wanted to update in the middle of my work and when declined it didn't reappear when I ended my work. I didn't know how to trigger that updater again, so I had not-up-to-date software installed for a few days.

That user may want to use a stable distro. In the previous months I didn't want to deal with broken repositories, so I pinned my Debian from unstable to bullseye branch (it was frozen testing branch ten). I had to deal with some conflicts and questions one last time. From that time I can type apt-get update && aptitude safe-upgrade and brainlessly accept. It always installs security & reliability updates without causing any problems.

 

Right, as long as people stick to the official, default-enabled recommended repositories, they can't go wrong. These repos are carefully maintained, and I've never had these break on me. MX-21, a Debian-based distro, will even generate a warning if you try to enable anything else in the Repo manager, such as one of the testing repositories. If people want to be mavericks and add sketchy 3rd-party repos and install software from them, they do so at their own risk. This is no different than those who choose to download and install sketchy software on Windows.

 

Random example of malware distributed via a repository:

https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry

 

You obviously just read the word "repository" in the previous posts and took the opportunity - but you completely missed the fact that the npm repository has never been an official repository in any Linux distro. Yes, the npm package is used in practically all distros, and in cases like that one it is not completely impossible that a malicious update is added before the infection is noticed. However, even Windows uses open-source packages for specific purposes, and this can happen to them as well. So this is no argument against Linux as you probably wanted to tell us. Nice try, though.

EDIT: And this can happen to any closed-source packages in Windows (like drivers) as well, of course.

 

NPM is not a repository for any Gnu/Linux distribution. It is repository Javascript programmers use.

 

I remember that in the other topic about Unix vs Windows, you said that you could quote a lot of experts that believe Unix is safer by design. So I can ask you the same thing, who are they exactly and how many of them believe in this?

So you can keep repeating that Unix is safer by design, but in the end of the day it's an opinion, not a fact. But anyway, I also remember that you called Windows a ''security nightmare'', so can you share some stories about that? Were these drive by attacks or did you download malware by mistake?

 

That's where you are wrong, it's purely a technical discussion to me, there is no need to believe anything. My opinion is not based on perception, but on technical know how and my own experience of using Windows for over 25 years. So it's not about being a fanboy, I can switch to Linux and macOS tommorrow, but I would still keep saying the same.

If anything, it's more likely that Unix fanboys have a deep seeded need to believe that Unix systems are more secure, otherwise what is the point of dumping Windows? I mean it's good enough for 90% of all PC's in the world apparently, and this has been the case for the last 30 years or so, so M$ must be doing something right LOL.

 

Everyone knows that Windows is far more vulnerable to this type of attack than Linux and macOS, but not because of its design, but because of it's market share, that's my point of view. Like I said, on hacking contests they are able to hack Windows, macOS and Ubuntu in the exact same way. So how are they more secure by design?

Of course, if there are 20 zero days in Windows and only 5 in macOS and Ubuntu, then you could say that Windows is more vulnerable to drive by attacks, but on the other hand it only takes one zero day to do any serious damage. I'm sure you have read about targeted attacks in 2021 on macOS and iOS via zero days in Firefox and WhatsApp, and first party security couldn't block it.

If I was targeted on Windows with the same type of zero days, I would actually feel a lot more secure, and that's because of my third party tools that will make life for hackers quite unpleasant. About adult sites, a browser with ad-blocker is most likely already enough to protect against malvertising.

 

The way I see it, the risk of getting hit by some drive by attack on Windows is very small. Even if you happen to encounter one, Windows Defender should be able to block at least 95% of all malware. If like me you don't won't to put your eggs in one basket, use third party tools that can block exploits and malware.

Then there's the risk of downloading malware by mistake. By now everyone knows not to respond to shady emails and websites. And in practice, most noobs will only use 10 to 20 mostly popular apps downloaded directly from the software vendor, no app store is required to keep them safe.

I have quite a big family and AFAIK nobody is having problems with malware, same goes for my group of friends. The people that get in trouble on Windows, would most likely also get in trouble on macOS and Linux if there was more malware available for it.

 

No I don't think so. It seems like many people are still stuck in the days of Win XP. While in reality, Win 8/10/11 are way more secure. I wonder what changes they would like to see in Windows, security wise? So a more popular app store seems to be very important and perhaps app sandboxing? Would that do the trick?

 

And yet ...

And yet you don't use Linux or Mac ...

You do seem to have a peculiar obsession with people you designate 'fanboys'. Otherwise, why start this slightly provocative thread in the Unix section? You don't run Unix.

I dumped Windows for Ubuntu and macOS because I prefer Unix. That Ubuntu and macOS are inherently more secure is an added bonus.



Plus it looks better IMO lol.

 

Windows is a security nightmare because of third party AV's/anti-malware false positives. Well, that and it is not as secure as Unix. Whether you want to believe it or not, Unix was always safer by design. If you want to believe otherwise that's great. I'm sure if you keep repeating it out aloud it will become true. Or it might not. It all depends what you believe.

 

Que? ... a slice of enlightenment.
https://www.ipswitch.com/blog/unix-has-always-been-more-secure-than-windows

 

Not my intention at all…

I wanted to mention that using a repository as your source for software is no guarantee that it will be safe to use.

(PS: In my spare time I have developed a few Node.js scripts that I run on a Raspberry Pi (Linux!); I am aware of the difference between the repository I get Node.js from and npmjs that I use to manage some packages used in my scripts, but I don’t think the difference is relevant for my point that repositories don’t guarantee safety - though they are probably better than using a random site as source)

 

Nothing guarantees it. It is always about risk reduction.

 

I have been a puppy linux user for approximately 2 years now and has the ability to run the entire os in ram which makes things run a tad faster and also can reboot into a clean slate if anything malicious enters the system.

 

The problem is that you mix up any random 3rd-party repositories with the official repositories of a distro. That makes no sense, sorry.